2. 2
PUBLIC
Overview
• HSBC Global – geography and markets
• One Strategy – global rollout, different needs
• Access Management
• Designed for variance
• Biometry
• APIs
• Identity Management
• Your organisation’s developers are your customers
3. 3
PUBLIC
HSBC Global – Retail and Wealth
• 37 markets across 70
countries
• 37M customers
• 3 geographic IT points of presence (NA, EU, AP) –many localised sub
PoPs covering geopolitical and regulatory boundaries
• One solution, globally.
• Deploy to PROD, which PROD?
4. 4
PUBLIC
Access Management
• Maturation of security standards - OIDC / OAuth2 / UMA / SSO
• Strong desire to USE these
• Zero desire to CODE these
• Subsume underlying identity
repositories
• Using ForgeRock Access Management
and ForgeRock Identity Management
• Security commoditised
ForgeRock Access
Management
IDP
RETAIL COMMERCIAL PRIVATE
5. 5
PUBLIC
Access Management
Market 2 Market 3
PoP
ForgeRock Access
Management
Instance 2
App Y
ForgeRock Access
Management
Instance 1
Market 1
App X
Journey A Journey B
GEOPOLICTICAL AND
BUSINESS LINE
INSTANCING
Piloting – A/B
• Extreme multiplicity requires variation to be at the heart of the
solution… Security democratised
LOGICAL /
REALMS
GEOGRAPHIC
INSTANCING
6. 6
PUBLIC
Access Management - Biometry
• Biometrics – growing in capability and usefulness
• Build biometrics on top of a solid foundation
• They are just new credentials (inherence factor)
• Assume rapid change in this space
• Build to pivot – add or jettison is a steady state
ForgeRock Access
Management
ForgeRock Access
Management
Knowledge
ForgeRock Access
Management Possession
ForgeRock Access
Management
Inherence Broker
Biometric 2
Biometric 1
7. 7
PUBLIC
Banking APIs
• A polarised conversation: Should banks enable “programmatic” access?
• In the UK this decision was made for us: YOU MUST
• CMA OpenBanking initiative, authenticated journeys Q1 2018
• HSBC ready and primed for OIDC and OAuth to publish carefully
curated APIs / Services
• Because we use ForgeRock Access Management and this is what
ForgeRock Access Management does…
8. 8
PUBLIC
Identity Management
• HSBC has identity data on clients globally
• Immediately, this helps the
digital bank (internal)
• Further, capacity to participate in
identity data markets
ForgeRock Access
Management
Customer Data
Customer Data
ForgeRock Access
Management
IDENTITY
as a SERVICE
Internal
Systems
Internal
Systems
Internal
Systems
9. 9
PUBLIC
Look After Your Developers
• Developers love to build, but they
need permission:
• To innovate, to challenge, to
execute (securely)
• They need a way forward: via
security platforms, patterns and
architectural guardrails
• Publish usable security capabilities to your organisation.
(hint: ForgeRock). Your Devs will take care of your clients.
10. 10
PUBLIC
Thank you …
Ian Sorbello
Head of Product Technology - Security | HSBC Digital Solutions (HDS)
HSBC Operations, Services and Technology (HOST) | HSBC Holdings plc
Level 7, 110 Southwark St, London SE1 0SU, United Kingdom
E-mail: ian.sorbello@hsbc.com
Website: www.hsbc.com